CVE-2020-29394

HIGH

GENIVI Diagnostic Log and Trace <2.18.5 - Buffer Overflow

Title source: llm
STIX 2.1

Description

A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).

References (4)

Core 4
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
Exploit, Patch, Third Party Advisory
https://github.com/GENIVI/dlt-daemon/issues/274
Patch, Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/275
Patch, Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/288

Scores

CVSS v3 7.8
EPSS 0.0186
EPSS Percentile 76.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (2)
debian/debian_linux 10.0
genivi/diagnostic_log_and_trace < 2.18.5
Published Nov 30, 2020
Tracked Since Feb 18, 2026